AD Authentication?
Matt Brodeur
mbrodeur at NextTime.com
Tue Mar 4 09:30:14 EST 2008
On Tue, Mar 04, 2008 at 08:38:25AM -0500, Kenny Lussier wrote:
>
> Does anyone know of any recent, good docs on using a Windows Active
> Directory server to authenticate Linux desktops? I am currently
> working in a place that has a Windows infrastructure (AD, Exchange,
> etc.), but we need to be able to use the existing central
> authentication for a new fleet of Linux desktops. Most of the docs
> that I found were circa 2002, and they all required patching the AD
> server, and installing software on the Windows side to allow different
> schemas.

If you absolutely can't touch the AD servers you'll have to look at
Samba's Winbind. IIRC, you'll want a separate LDAP server to store
the SID-UID mappings, instead of letting each client make up their
own.

I don't know if the default AD schema has enough information to
authenticate Linux clients directly. I think, at a minimum, you'll
need Services For Unix installed. That'll add attributes which are
almost, but not entirely, unlike the normal posixAccount ones. From
there you could use OpenLDAP meta mapping to translate MS LDAP to
something more sane.

Disclaimer: I've probably done this exactly once, in a lab exercise
during a class. FWIW, it's still what RH teaches as of 2006.

--
Matt Brodeur RHCA
MBrodeur at NextTime.com http://www.nexttime.com
PGP ID: 2CFE18A3 / 9EBA 7F1E 42D1 7A43 5884 560C 73CF D615 2CFE 18A3
Apathy Club meeting this Friday. If you want to come, you're not invited.
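
An added illustration, not part of the message above and not Samba code: a small simulation of why clients that each make up their own SID-UID mappings disagree, and a drift check that compares the tables of several hosts. The SIDs, host names, UID range and first-come allocation rule are constructed assumptions.

```python
# Constructed illustration: per-client SID->UID allocation vs. one shared table.
# SIDs, host names and the UID range are made up for this example.
DOM = "S-1-5-21-1111111111-2222222222-3333333333"
ALICE, BOB, CAROL = f"{DOM}-1104", f"{DOM}-1105", f"{DOM}-1106"


class Idmap:
    """Hands out the next free UID the first time a SID is seen."""

    def __init__(self, low=10000, high=20000):
        self.low, self.high, self.table = low, high, {}

    def uid_for(self, sid):
        if sid not in self.table:
            uid = self.low + len(self.table)
            if uid > self.high:
                raise RuntimeError("idmap range exhausted")
            self.table[sid] = uid
        return self.table[sid]


def resolve(idmap, logins):
    """UIDs one host ends up with after the given login sequence."""
    return {sid: idmap.uid_for(sid) for sid in logins}


def uid_drift(host_maps):
    """SIDs that at least two hosts map to different UIDs."""
    drift = {}
    for sid in sorted(set().union(*host_maps.values())):
        seen = {h: m[sid] for h, m in host_maps.items() if sid in m}
        if len(set(seen.values())) > 1:
            drift[sid] = seen
    return drift


def demo():
    logins = {"desk1": [ALICE, BOB, CAROL], "desk2": [CAROL, ALICE]}
    # Each client makes up its own mappings.
    local = {h: resolve(Idmap(), seq) for h, seq in logins.items()}
    # All clients consult one table (stand-in for the central LDAP store).
    shared_table = Idmap()
    shared = {h: resolve(shared_table, seq) for h, seq in logins.items()}
    return local, shared


if __name__ == "__main__":
    local, shared = demo()
    print("local drift: ", uid_drift(local))
    print("shared drift:", uid_drift(shared))
```

With per-client tables, UID 10000 belongs to one user on desk1 and a different user on desk2, so file ownership on any shared storage is attributed to the wrong account; with the single table the drift report is empty.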